Only able to connect locally through PfSense firewall/router

[humdumdumdumdum]

I'm having trouble with remote connecting through the Blue Iris app - I'm only able to connect locally on my LAN.

On my PfSense router, I have a NAT port forward from 64xxx to 81 on the LAN IP (both WAN and server have static IPs) and no ports are blocked as I'm on a business internet connection.

I set the protocol to TCP/UDP which I assume is correct and I have other ports (for other web servers) mapped to other LAN machines successfully.

Any ideas if I'm missing something? Does the BI server need to know what my external port is? The wizard doesn't let me set or test that, though canyouseeme.org does say that the service is available on that port, so I'm not sure what I'm missing...

Maybe I'm missing something on the app? Do I need two separate Servers set for WAN vs LAN connecting?

 

[fenderman]

you need to type in your external ip and port number....you only need to forward a single port...try a higher port number like 8585.

 

[humdumdumdumdum]

you need to type in your external ip and port number....you only need to forward a single port...try a higher port number like 8585.

I'm putting in my external IP : Port, like 1.2.3.4:64589 (which is actually the port I'm using).

What protocol does it work on? Does the android app try the LAN info and then fail over to the WAN info?

 

[fenderman]

I'm putting in my external IP : Port, like 1.2.3.4:64589 (which is actually the port I'm using).

What protocol does it work on? Does the android app try the LAN info and then fail over to the WAN info?

i believe its tries the lan first...
this might help you Why can't I access forwarded ports on my WAN IP from my LAN/OPTx networks - PFSenseDocs

 

[humdumdumdumdum]

Ok, nevermind - I had fat fingered the IP address... works now.

But to answer my own questions - protocol of TCP/UDP work, and it looks like the android app will indeed use LAN settings, and then fail over to WAN settings.

 

[rotorwash]

Since you are using PFsense as your firewall/router, I strongly urge you to look into using OpenVPN rather than an inbound NAT. It is built-in and will provide much more security than the BI app will. You are essentially entrusting the security of your whole network and any device attached to it to Blue Iris and how secure their code is. If you have the forethought to run PFsense, do yourself a favor and check it out. If you have any questions about how to do it, I can help point you in the right direction.

 

[humdumdumdumdum]

Since you are using PFsense as your firewall/router, I strongly urge you to look into using OpenVPN rather than an inbound NAT. It is built-in and will provide much more security than the BI app will. You are essentially entrusting the security of your whole network and any device attached to it to Blue Iris and how secure their code is. If you have the forethought to run PFsense, do yourself a favor and check it out. If you have any questions about how to do it, I can help point you in the right direction.

That is a very asstute observation and I was thinking the exact same thing. I run a webserver behind the firewall which is on a separate VLAN, but yes, I'm not super comfortable with an open port for video. I'm clueless on VPN though. I didn't think that would be an option for the Blue Iris Android app... Is it?

 

[fenderman]

That is a very asstute observation and I was thinking the exact same thing. I run a webserver behind the firewall which is on a separate VLAN, but yes, I'm not super comfortable with an open port for video. I'm clueless on VPN though. I didn't think that would be an option for the Blue Iris Android app... Is it?

vpn works with every app, its not dependent on the app at all..read up on it, there is a thread by nayr that provides an overview.

 

[rotorwash]

Your android phone would run the openvpn app in addition to the BI app. You run the openvpn app, connect, then run the BI app. As far as the BI app is concerned, you are connected to the LAN. The VPN software on your phone tunnels the BI communication into your network through the firewall.

 

[nayr]

Read the VPN Primer for Noobs